CORS Filter


Cross-origin resource sharing (CORS) support

The CORS filter allows a Java web application to handle cross-site HTTP requests from web browsers according to the Cross-Origin Resource Sharing (CORS) mechanism specified by the W3C recommendation from 2014-01-16.

Supported CORS request types:

Supported CORS headers:

Java Servlet Filter

The software is implemented as a Java servlet filter that can be plugged into any web application running in a standard Java servlet container, such as the popular open source Apache Tomcat server. The CORS filter does its job in a wholly transparent manner; no modifications to existing Java application code are required.


The CORS filter can be run in the default policy mode (all origins allowed, credentials allowed), or it may be optionally configured to impose a specific access policy.

The configuration can be passed as standard init-param elements in the web.xml descriptor file or in a properties file.

Available configuration parameters:

HTTP request tagging

Each filtered HTTP request can be tagged to provide optional CORS-related information to downstream handlers (other filters or the target resource).

Applied tags:

System requirements and dependencies

Source code

The CORS Filter source code, build script and demo code is included in the download package.


Browse the CORS Filter JavaDocs.

Change log